This was released today but there does not appear to be much info on whether this is already in the wild. It would be almost undetectable.
Apparently it is possible to use statistical analysis of the size of the surfaceflinger off-screen buffer to predict with 90% accuracy what another app is doing. All an attacker needs is an application that runs in the background, and does not require any special permissions. Once it determines that a user is entering his password, for example, it can bring to the foreground an identical looking password dialog and capture the login data. Since the user expects this behavior, they may never notice.
So far all I could find is the actual paper:
cs.ucr.edu/~zhiyunq/pub/sec14_android_activity_inference.pdf
And some videos of a proof of concept have been posted:
f2bbs.com/thread/2234
The question is: has this been seen in the wild? Seems like a very serious threat without an obvious fix...
Apparently it is possible to use statistical analysis of the size of the surfaceflinger off-screen buffer to predict with 90% accuracy what another app is doing. All an attacker needs is an application that runs in the background, and does not require any special permissions. Once it determines that a user is entering his password, for example, it can bring to the foreground an identical looking password dialog and capture the login data. Since the user expects this behavior, they may never notice.
So far all I could find is the actual paper:
cs.ucr.edu/~zhiyunq/pub/sec14_android_activity_inference.pdf
And some videos of a proof of concept have been posted:
f2bbs.com/thread/2234
The question is: has this been seen in the wild? Seems like a very serious threat without an obvious fix...
